Skip to content
RocketLead Developers

Integrate with Budoo.one

Budoo.one is a martial-arts school management platform with no public API. To get RocketLead leads into Budoo’s contact list, we use Make.com as a bridge that:

  1. Receives a webhook from RocketLead (when a lead reaches “Gewonnen”).
  2. Logs into login.budoo.one by scraping the CSRF token from the login form, then POSTing the credentials.
  3. Fetches Budoo’s contact-create form to scrape a fresh CSRF token.
  4. POSTs the new contact with the lead’s data.

The whole thing runs in a single Make scenario.

Prerequisites

Section titled “Prerequisites”
  • A Budoo.one admin account with permission to create contacts.
  • A Make.com account — the Webhooks, HTTP, and Text parser modules are all included on Make’s free tier.
  • A RocketLead automation that fires on Leadstatus geändertGewonnen (the handoff pattern).

Architecture

Section titled “Architecture”
[RocketLead "Leadstatus geändert" → Gewonnen]
       ↓ HTTP Request automation node
[Make.com webhook]
       ↓ GET login page (capture CSRF #1)
       ↓ POST login (with CSRF #1)
       ↓ GET contact create form (capture CSRF #2)
       ↓ POST contact create (with CSRF #2 + lead data)
[Budoo.one — contact created]

Six HTTP modules in Make plus two regex parsers. Cookie sharing between modules carries the Yii session.

Step 1 — Build the Make scenario

Section titled “Step 1 — Build the Make scenario”

The full module-by-module walkthrough below. If your Make plan supports blueprint imports, the reference blueprint can be loaded directly — otherwise build each module manually as described.

Module 1 — Webhook trigger (Catch Hook)

Section titled “Module 1 — Webhook trigger (Catch Hook)”
  • Module: Webhooks → Custom webhook.
  • Name: RocketLead → Budoo Lead-Gewonnen (or whatever — Make uses this as the visible label).
  • Copy the generated URL. You’ll paste it into the RocketLead HTTP Request body in Step 2.

After saving, Make waits for the first request to learn the payload schema. The expected schema is:

{
    firstName: string;
    lastName: string;
    childFirstName: string;        // optional — surfaced in Budoo's contact notes via the lead's data
    email: string;
    phone: string;
    kurs: string;                  // optional — course interest tag
}

Module 2 — GET login page (capture CSRF token #1)

Section titled “Module 2 — GET login page (capture CSRF token #1)”
  • Module: HTTP → Make a request.
  • Method: GET
  • URL: https://login.budoo.one/site/login
  • Parse response: Yes (we’ll regex through the HTML next).
  • Share cookies with other HTTP modules: Yes — critical. The Yii session cookie set on this request must persist to every later module.

Budoo’s login page contains a hidden CSRF input:

<input name="_csrf-masi-backend" value="<token>" type="hidden">

Module 3 — Text parser (extract CSRF #1)

Section titled “Module 3 — Text parser (extract CSRF #1)”
  • Module: Text parser → Match pattern.
  • Pattern: name="_csrf-masi-backend" value="([^"]+)"
  • Case-sensitive: Yes
  • Text: map from module 2’s response body.

The captured group ($1) is the CSRF token for the login POST.

Module 4 — POST login (with CSRF #1)

Section titled “Module 4 — POST login (with CSRF #1)”
  • Module: HTTP → Make a request.
  • Method: POST
  • URL: https://login.budoo.one/site/login
  • Body type: Raw.
  • Content type: custom → application/x-www-form-urlencoded
  • Share cookies: Yes.
  • Headers: 
    Content-Type: application/x-www-form-urlencoded
    Origin: https://login.budoo.one
    Referer: https://login.budoo.one/site/login
  • Request content (body): 
    _csrf-masi-backend={{ encodeURL(<module-3>.$1) }}&LoginForm%5Busername%5D=<URL-ENCODED-USERNAME>&LoginForm%5Bpassword%5D=<URL-ENCODED-PASSWORD>&LoginForm%5BrememberMe%5D=0

After this POST, Budoo redirects (302) to the dashboard and sets an authenticated session cookie. With Share cookies enabled, the next module inherits the session.

Module 5 — GET contact-create form (capture CSRF token #2)

Section titled “Module 5 — GET contact-create form (capture CSRF token #2)”
  • Module: HTTP → Make a request.
  • Method: GET
  • URL: https://login.budoo.one/contact/create
  • Follow redirect: Yes.
  • Share cookies: Yes.
  • Headers: 
    Referer: https://login.budoo.one/
  • Parse response: Yes.

Yii issues a fresh CSRF token per form — the one from the login page isn’t reusable. We need to scrape the new one.

Module 6 — Text parser (extract CSRF #2)

Section titled “Module 6 — Text parser (extract CSRF #2)”
  • Module: Text parser → Match pattern.
  • Pattern: name="_csrf-masi-backend" value="([^"]+)" (same regex as before).
  • Text: map from module 5’s response body.

Module 7 — POST contact-create (with CSRF #2 + RocketLead lead data)

Section titled “Module 7 — POST contact-create (with CSRF #2 + RocketLead lead data)”
  • Module: HTTP → Make a request.
  • Method: POST
  • URL: https://login.budoo.one/contact/create
  • Body type: Raw.
  • Content type: custom → application/x-www-form-urlencoded
  • Share cookies: Yes.
  • Headers: 
    Content-Type: application/x-www-form-urlencoded
    Origin: https://login.budoo.one
    Referer: https://login.budoo.one/contact/create
  • Request content (body — template, with {{1.field}} referencing the webhook payload from module 1): 
    _csrf-masi-backend={{ encodeURL(<module-6>.$1) }}&ContactCreateForm%5Bgender%5D=&ContactCreateForm%5Bfirstname%5D={{ encodeURL(1.firstName) }}&ContactCreateForm%5Blastname%5D={{ encodeURL(1.lastName) }}&ContactCreateForm%5Bbirthday_formatted%5D=&ContactCreateForm%5Bemail%5D={{ encodeURL(1.email) }}&ContactCreateForm%5Bphone%5D={{ encodeURL(1.phone) }}&ContactCreateForm%5Bstreet%5D=&ContactCreateForm%5Bzipcode%5D=&ContactCreateForm%5Bcity%5D=&submitbtn=save

Pass empty values (...=&) for fields you don’t have. Every dynamic value must be wrapped in Make’s encodeURL(...) function — emails with + symbols, names with umlauts, etc. will otherwise break the form submission.

A successful POST returns a 302 redirect to the new contact’s detail page. With Follow redirect: No, the response body is empty and the Location header indicates success.

Step 2 — Wire RocketLead to Make

Section titled “Step 2 — Wire RocketLead to Make”

This is the standard handoff pattern — same shape as MATOOL or Magicline, only the destination differs.

  1. In the RocketLead console → Automations → New automation.
  2. Auslöser → Leadstatus geändert — filter to Neuer Status: Gewonnen on the relevant Lead Pool(s).
  3. HTTP Request action:
    • Method: POST
    • URL: the Make webhook URL from Module 1.
    • Headers: {"Content-Type": "application/json"}
    • Body: 
      {
          "firstName":      "{{<triggerNodeId>.tableEntry.data.firstName}}",
          "lastName":       "{{<triggerNodeId>.tableEntry.data.lastName}}",
          "childFirstName": "{{<triggerNodeId>.tableEntry.data.childFirstName}}",
          "email":          "{{<triggerNodeId>.tableEntry.data.email}}",
          "phone":          "{{<triggerNodeId>.tableEntry.data.phone}}",
          "kurs":           "{{<triggerNodeId>.tableEntry.data.kurs}}"
      }
    • Raw dates: Enable.
  4. Save and activate.

Step 3 — Test end to end

Section titled “Step 3 — Test end to end”
  1. Run a test lead through RocketLead to Gewonnen.
  2. In Make, switch to History for the scenario — every module’s input and output is captured.
  3. Confirm the final contact-create POST returned 302 and a Location header pointing to the new contact.
  4. Verify in Budoo’s contact list that the entry actually appears with the expected fields.

Things that will eventually break

Section titled “Things that will eventually break”
SymptomLikely cause
CSRF regex returns no matchBudoo changed the field name or HTML attribute order. Inspect their HTML and update the regex.
Login POST returns 200 with the login page in the bodyWrong username/password (typo or URL-encoding bug), or Budoo enabled MFA / a captcha.
Contact POST returns the form page back instead of 302Validation failed server-side. Check Make’s response capture for inline error messages — usually email format, required-field omissions, or stale CSRF.
Random 502s / connection dropsBudoo-side issue. Make retries automatically.
Login works but contact create returns 403The logged-in user lost contact-create permission, or the session expired between login and create. Try lowering the time between modules.

Caveats

Section titled “Caveats”
  • No official support. Budoo can change their login flow, CSRF field name, form structure, or session-cookie name at any time. We have zero advance notice.
  • Credentials are stored in Make.com. The Module 4 body carries the username and password URL-encoded as plaintext. Anyone with Make scenario edit access can read them. Use a dedicated service account in Budoo if possible.
  • No rate limit awareness. Budoo doesn’t publish one. If the RocketLead automation fires bursts, the scenario could trip Budoo’s anti-abuse. Build a Warte (delay) helper into the RocketLead automation if you have spiky lead volume.
  • One-way only. No event push from Budoo. To get Budoo activity back into RocketLead, you’d need a polling integration on your own — not covered here.
  • Future: native node. We’re considering a dedicated CSRF capture flow node and a form submit helper to internalize this complexity. Once that lands, the Make.com bridge can be removed.
Section titled “Related”